The Institute for Security and Technology’s Report Debunks Need for Ransomware Payment Ban

In a report released on Wednesday, the Institute for Security and Technology’s Ransomware Task Force (RTF) dismissed the idea of implementing a ban on ransom payments. The nonprofit organization highlighted concerns about such a ban impacting ransom payment reporting by victims, potentially driving more payments underground, and the unintended consequences of critical infrastructure exemptions.

Instead of advocating for a ban, the RTF proposed 16 milestones that it believes would be a more effective approach to reducing ransom payments. The co-chairs of the RTF stated, “While a ban may be an easier policy lift than activities designed to drive preparedness, it will almost certainly create the wrong kind of impact.”

Most of the RTF’s recommendations are already in place or in progress, with all but one of the proposals originally shared in a report released in September 2021. The group emphasized that organizations need to focus on improving cyber resilience and preparedness to combat ransomware attacks effectively.

The Cybersecurity and Infrastructure Security Agency is set to enforce the Cyber Incident Reporting for Critical Infrastructure Act of 2022, compelling critical infrastructure entities to disclose cyber incidents and ransom payments promptly. Additionally, organizations are already prohibited from making ransom payments to entities sanctioned by the U.S. Department of Treasury.

Debates surrounding the efficacy of a ransom payment ban continue, with some experts advocating for a federal-level ban as a more impactful solution. However, the RTF emphasizes the importance of building on existing efforts and enhancing cybersecurity measures to deter ransomware attacks effectively.

The RTF, led by eight co-chairs, including former cyber authorities like Kemba Walden, stresses the need for a commitment to intensifying ongoing efforts rather than implementing a strict ban on ransom payments for organizations targeted by ransomware attacks.

, , , , , ,
Show Comments

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles